tall man, small world

Maliciously Viral

This past week has seen me battling viruses, both in my head and chest in the form of another cold and on a computer at work. Both had appeared out of nowhere and caused me much annoyance.

The subject of this post is the computer-based one. I’ll just state here and now that I have no love for malicious-virus writers, and I don’t even buy into the argument that they “test companies’ security” – if that were true then they would write harmless programs that simply phone home with details of where and how they got in. Some do that, admittedly; they are the ones referred to as White Hat virus writers. The ones I’m seething about at the moment are the ones who write the viruses that do indiscriminate damage to computers like the ones at the company I work for, that send out thousands upon thousands of spam emails in our name. The keyloggers stealing passwords and credit card numbers.

The mechanisms for the virus getting in are ever more sneaky. An inexperienced user might click on an email that they think is genuine; I’ve even seen emails faked to appear like messages from the email server itself regarding undeliverable mail. But many people are wise to this and recognise when emails purporting to be about invoices and so on are from addresses they don’t recognise, so now the virus writers are infecting unsuspecting websites, inserting code that just runs the virus without any intervention. The only way round this is to disable JavaScript, Flash, Silverlight and anything else that gives the web its rich interactivity and shine. Even then they’ll still find a way to run code. You’re not even safe on an oil rig.

A common method is that the hijacked website will display a message saying that the computer has a virus; the popup looks like Windows Defender or Security Centre, and when the user clicks the button to clean the computer they download a virus instead. If in doubt about a popup on a website, close the browser without clicking anything else. Viruses have been known to be loaded by rogue apps and spam messages on social networks, free games and utilities. You need to be so vigilant about what you click on today, carefully considering where it’s come from and whether it’s too good to be true. Rogue emails are not all about Nigerian Millionaires anymore.

I don’t know how the spamming virus got onto one of our PCs, but it seems that once it had done so it invited many, many friends round to party too. As this machine has no current incoming email account being used on it, only the account details of one that used to be used, I can only assume it was a hijacked website that did us in. I’ll never know. I do know it took a couple of days for four separate anti-malware tools to find and remove what was on there (it’s an old machine and the scans took seven to eight hours each), and even now I still don’t trust that it’s clean, though it appears that we’re not sending out any unusual traffic now.

The takeaway lesson is to always have anti-virus and anti-malware software installed and running, and regularly run a couple of extra tools in case. The ones I’ve been using are Microsoft Security Essentials, Malwarebytes, SUPERAntiSpyware and other tools recommended by our website and email hosting company, who also look after our server. Furthermore, always install updates to the operating system and anti-virus software.

Someone said to me last week that someone must be able to do something about the problem, that the ISPs should be held responsible for “letting them (the virus authors) get away with it, for not blocking the viruses”, but it’s not that simple. Neither is it simple to find those responsible for creating them in the first place, though much of the tech industry invests much time and effort in cooperation with governments to try to find them.

Microsoft and Symantec had a recent success in locating and shutting down the control centre of what is called a BotNet – thousands of virus-hijacked computers used to commit crimes, hack other computers or just send out spam, all without the owners noticing. The internet is vast though and the trails that lead to the sources of viruses are long, vague and often hidden by proxies and by the sheer scale of dispersal of the virus if it’s been in the wild for some time.

As for why they do it, some do it to prove that they can, for some kind of prestige, to show how clever they are; some do it for money; some do it to prove a point, maybe to make a political statement. In the end they simply cause havoc; ordinary people lose money, important messages, their life’s work, business deals. Maybe some of them just don’t have any empathy for the people whose work they disrupt, seeing the virus in purely technical terms, not being aware of or caring about the consequences, basking in the glory that what they’ve created has prospered and been noticed. Many simply say that it’ll teach the infected users a lesson, to take backups, to not click on emails from strangers.

Those who say that the virus writers provide an invaluable service, to test security, are perhaps right, and that would be important where governments want to protect their secrets from other governments, but without viruses and spyware we wouldn’t need our security testing in homes and small businesses, would we?